Hi,
I've attached a patch which fixes a logging problem with
log_rule_limit in custom actions. E.g. this action:
,----[ Whitelist ]
| if [ -n "$LEVEL" ]; then
|     # logging chains: log at $LEVEL (rate-limited by $LOG_LIMIT), then drop
|     run_iptables -N ${CHAIN}Add
|     log_rule_limit $LEVEL ${CHAIN}Add WhitelistAdd DROP "$LOG_LIMIT" $TAG
|     run_iptables -A ${CHAIN}Add -j DROP
|     run_iptables -N ${CHAIN}Del
|     log_rule_limit $LEVEL ${CHAIN}Del WhitelistDel DROP "$LOG_LIMIT" $TAG
|     run_iptables -A ${CHAIN}Del -j DROP
|
|     # a knock on either neighbouring port removes the source from WHITELIST,
|     # a knock on $WHITELIST_PORT adds it; the knock itself is always dropped
|     run_iptables -A $CHAIN -p tcp -m multiport --dports $[$WHITELIST_PORT-1],$[$WHITELIST_PORT+1] -m recent --remove --name WHITELIST -j ${CHAIN}Del
|     run_iptables -A $CHAIN -p tcp --dport $WHITELIST_PORT -m recent --set --name WHITELIST -j ${CHAIN}Add
| else
|     run_iptables -A $CHAIN -p tcp -m multiport --dports $[$WHITELIST_PORT-1],$[$WHITELIST_PORT+1] -m recent --remove --name WHITELIST -j DROP
|     run_iptables -A $CHAIN -p tcp --dport $WHITELIST_PORT -m recent --set --name WHITELIST -j DROP
| fi
`----
with this rules entry without a tag:
Whitelist:$LOG net fw
produced (truncated) log entries with ULOG used as TAG:
`Shorewall:WhitelistAdd:DROP:U'
Apropos tags: I'm currently abusing tags to pass parameters to a
custom action:
Limit:$LOG:IMAP net fw tcp imap,imaps
Limit:$LOG:SSH net fw tcp ssh
,----[ Limit ]
| # the tag is mandatory here: it names the per-service 'recent' list
| [ -n "$TAG" ] || exit 1
|
| # sources that knocked (see Whitelist) within the last 60 s bypass the limit
| run_iptables -A $CHAIN -m recent --rcheck --seconds 60 --rttl --name WHITELIST -j ACCEPT
|
| if [ -n "$LEVEL" ]; then
|     run_iptables -N %$CHAIN
|     log_rule_limit $LEVEL %$CHAIN Limit DROP "$LOG_LIMIT" $TAG
|     run_iptables -A %$CHAIN -j DROP
|
|     run_iptables -A $CHAIN -m recent --update --seconds 60 --hitcount 6 --rttl --name $TAG -j %$CHAIN
| else
|     run_iptables -A $CHAIN -m recent --update --seconds 60 --hitcount 6 --rttl --name $TAG -j DROP
| fi
|
| # every accepted connection records a hit in the $TAG list
| run_iptables -A $CHAIN -m recent --set --name $TAG -j ACCEPT
`----
Is there a better way to do this? (Except for writing an extra action
for each use case).
Juergen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sw-log.patch
Type: text/x-patch
Size: 389 bytes
Desc: not available
Url : http://lists.shorewall.net/pipermail/shorewall-devel/attachments/20050301/303ea6bd/sw-log.bin
-------------- next part --------------
--
Juergen Kreileder, Blackdown Java-Linux Team
http://www.blackdown.org/java-linux/java2-status/
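The following is an added example, not code from the post above or from Shorewall: a small Python model of the iptables `recent` match (`--set`, `--rcheck`, `--update`, `--remove`, `--rttl`, `--seconds`, `--hitcount`), with the Whitelist and Limit actions expressed on top of it so a packet sequence can be stepped through offline, without root or a kernel. It assumes xt_recent's default of 20 stored timestamps per address, a constructed `WHITELIST_PORT` of 1234 in place of `$WHITELIST_PORT`, the two Limit rules from the post (ports 22, 143 and 993), and that the Whitelist rule precedes the Limit rules in the rules file. One thing the trace makes visible that the action text does not: because the `--update --hitcount 6` rule sits before the `--set` rule, the sixth SYN within a minute is still accepted and it is the seventh that is dropped.

```python
"""Added example (not Shorewall code): a model of the iptables 'recent'
match, used to step through what the Whitelist and Limit actions do.
An entry keeps the last MAX_STAMPS timestamps plus the TTL seen at --set
time, mirroring xt_recent's per-address state.
"""
from collections import deque

MAX_STAMPS = 20            # assumption: xt_recent's default ip_list_tot
WHITELIST_PORT = 1234      # constructed value standing in for $WHITELIST_PORT
LIMITED_PORTS = {22: "SSH", 143: "IMAP", 993: "IMAP"}   # the two Limit rules


class Recent:
    """One '--name' list: source IP -> (timestamps, TTL recorded at --set)."""

    def __init__(self):
        self.entries = {}

    def set(self, ip, ttl, now):
        """--set: add the address or record another hit; always matches."""
        stamps, _ = self.entries.get(ip, (deque(maxlen=MAX_STAMPS), ttl))
        stamps.append(now)
        self.entries[ip] = (stamps, ttl)       # --set also refreshes the stored TTL
        return True

    def remove(self, ip):
        """--remove: matches (and deletes the entry) only if the address is listed."""
        return self.entries.pop(ip, None) is not None

    def check(self, ip, ttl, now, seconds=None, hitcount=None, rttl=False, update=False):
        """--rcheck (update=False) or --update (update=True)."""
        if ip not in self.entries:
            return False
        stamps, set_ttl = self.entries[ip]
        if rttl and ttl != set_ttl:            # --rttl: TTL must match the --set packet
            return False
        hits = sum(1 for t in stamps if seconds is None or now - t <= seconds)
        if hits < (hitcount or 1):             # --hitcount N needs N hits in the window
            return False
        if update:
            stamps.append(now)                 # a matching --update records a new hit
        return True


class Firewall:
    """The two actions, with run_iptables/log_rule_limit reduced to verdicts."""

    def __init__(self):
        self.lists = {name: Recent() for name in ["WHITELIST", *LIMITED_PORTS.values()]}

    def whitelist(self, ip, ttl, port, now):
        wl = self.lists["WHITELIST"]
        if port in (WHITELIST_PORT - 1, WHITELIST_PORT + 1):
            wl.remove(ip)                      # ${CHAIN}Del: log, then DROP
            return "DROP"
        if port == WHITELIST_PORT:
            wl.set(ip, ttl, now)               # ${CHAIN}Add: log, then DROP
            return "DROP"
        return None                            # no rule in the action matched

    def limit(self, ip, ttl, port, now):
        tag = LIMITED_PORTS[port]              # $TAG names the per-service list
        if self.lists["WHITELIST"].check(ip, ttl, now, seconds=60, rttl=True):
            return "ACCEPT"                    # knocked within the last 60 s
        if self.lists[tag].check(ip, ttl, now, seconds=60, hitcount=6, rttl=True, update=True):
            return "DROP"                      # %$CHAIN: log, then DROP
        self.lists[tag].set(ip, ttl, now)
        return "ACCEPT"

    def packet(self, ip, ttl, port, now):
        """Assumed rules order: the Whitelist rule first, then Limit for its ports."""
        verdict = self.whitelist(ip, ttl, port, now)
        if verdict is not None:
            return verdict
        if port in LIMITED_PORTS:
            return self.limit(ip, ttl, port, now)
        return "ACCEPT"                        # constructed: other traffic is not shown


def trace(events):
    """Run (ip, ttl, dport, seconds) tuples through one Firewall; return the verdicts."""
    fw = Firewall()
    return [fw.packet(*event) for event in events]


if __name__ == "__main__":
    burst = [("10.0.0.5", 64, 22, t) for t in range(8)]   # constructed SSH burst
    print(trace(burst))    # six ACCEPTs, then DROP: --hitcount 6 bites on the seventh
```

The `--rttl` flag matters in both places: a knock or a hit recorded from one TTL does not unlock, or count against, packets arriving with another, which is what keeps a third party from spoofing a source into or out of the lists.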